Wow, my account on Coinhako just got emptied. 17th October hacker accessed my account and initiated transfer and zero security trigger by unknown device, zero transaction verification via email. I hadn't set up 2FA due to not being able to spot it on their website (lame I know) but thought my password was secure and long. Why is there not even an email notification for outgoing transaction when there is one for incoming transaction? Thanks CH I just lost 0.2btc. Also, coincidence much that on 19th a new coinhako blogpost is up regarding account security? Makes me think some other people had their accounts compromised too.
Can anyone give any advice? Would I be able to at least demand the IP address of the hacker who stole my coins or does Coinhako even track devices!?
Coinhako, if your reading this please help.
this is quite scary man. there should have been emails about the transactions at least. have you tried contacting them directly?
IKR. Yes, reply finally came in this morning saying they would investigate. I went down to Police HQ for statement taking and now my case is with CID cybercrime dept. At least someone is looking at my case. Honestly the security at Coinhako is damn lax. They claimed "2-Factor authentication for all users", but their site is kind of minimalistic and I did not expect the 2FA option to be tucked away in a small corner under a drop down menu. Usually I would have called in but the slow customer service put me off trying to correspond with them, and I assumed it was mandatorily set up for all users somehow.
Yeah and the worse parts were that there was no detection of new devices and trigger of email verification. Coinbase and Blockchain have these in place because it concerns money and that should be the bare minimum. So I wrote in to them very mad, the hacker had a pretty damn easy job of just figuring out my PW, and seeing how there wasn't any notification of an outgoing transaction, I wouldn't even have noticed if I hadn't logged in and checked out the balance.
OK la, lesson learnt. Don't play around with fire (online exchanges, especially not without 2FA).
i hope you recover your account bro. i registered with coinhako but luckily i didnt do any transactions. i got scared when they emailed me about their frozen DBS account. so far, im doing fine with coinbase + xfers.
im surprised with your long password, someone was able to guess it. lets hope its not an inside job and coinhako can give sufficient explanation.
as always - do not trust anyone. this applies to all crypto related stuff especially exchanges. only store coins in exchanges when you have to trade. if you wont be trading, always withdraw everything to your personal wallets.
also, always use 2FA for everything important immediately after creating any account. i personally use google authenticator/authy. very easy and convenient to use, supported by almost all the sites i use.
good luck brother!
